Absolutely the way it should be done. Anyone complaining about it hasn't thought thru the possible even if unlikely consequences of it not working that way.
Agreed. But that won't stop the shit storm. People will agree out of one side of their mouth that it sounds reasonable for Apple to do this, but still demand that they "fix" it anyway. To do otherwise would be to take responsibility for one's actions. Something that's been an anachronism for many years now.
Agreed, but there should be a way to get the Phone reauthorized by Apple. I can't see any negative security implications from being able to take it to an Apple Store, verify ones identity, and reactivate the secure element.
Because you know exactly how it all works?
That's a strange response. Where did I say, or even imply that? Did you think that my raising the question was somehow inappropriate? Apple has apparently said to contact support if this happens. Does it seem reasonable to you that they just want to have the opportunity to tell you in person that your phone is irrecoverably bricked?
Good! Anybody who messes with their Touch ID, in an unauthorized way, should have their phone bricked.
This is how security is supposed to be. What's the point in security if it's not secure? This is not Android that we're talking about here. I have lots of valuable info on my iPhone.
I have no intentions of messing with my Touch ID or hiring an illegal alien or unauthorized technician to fix my Touch ID, so no worries here.
I agree in principle, however, the error message should provide better communication to the user, not just Error 53. You know something like "iOS has detected a security issue with Touch ID. Please visit an authorized Apple repair location. Error 53."
On thinking about it ... it might also make more sense to simply disable TouchID on the device instead of bricking it. The error message could tell you what you did and what the consequences were instead of being obtuse and killing the phone as well.
Good lord, that's how I thought it worked all along. The TouchID chip is linked to something on the motherboard so it can't just be replaced. I had a 5s with a broken screen and I ripped the touch ID cable when I was replacing it. I researched it and learned that touchID was gone for good. I installed an iPhone 5 home button and all was well except no Touch ID. I since sold that phone. I recently repaired a 5s for someone else and took care to 1) not rip the cable and 2) transfer the Touch ID assembly to the new display assembly. I assume that this will present no problem.
apple probably could reauthorize the device, but it would be pointless without also checking and validating all the hardware changes. you might as well buy a new device.
I can't see any negative security implications from being able to take it to an Apple Store, verify ones identity, and reactivate the secure element.
Did you read the article? Apple has no way to know what was done to the phone by the unauthorized tampering/repairing and they can't be sure that a thief hasn't extracted the fingerprint information on the hardware. Bricking is the only foolproof way to eliminate any possibility of fraud. AND... unauthorized dismantling of Touch ID on the phone violates the Apple warranty so they are not obligated to fix it.
I agree with everything but the bolded statement. You only void the warranty while it is in warranty. After warranty period is over you are free to do with your phone as you like and you live with the consequence of those activity. Apple can not deny to fix it if you are willing to pay to have it fix outside warranty even if you had work done elsewhere. I hear in car forums all the time people do not want to pay to play, meaning if you going to modify your car and work on it yourself and you screw something up in the process it does not mean the manufactures has to fix your problems free of charge even in warranty.
I think your right in the case, separating the touch ID form the secure element is a security feature and done to protect your information on the phone. They most likely have some sort of fuseable link in the secure element which breaks on the touch ID is separated.
Apple are probably going to get sued over this. It is something intentionally built into iOS 9. Deliberately incapacitating an iPhone someone has paid a lot of money for is probably illegal in the EU.
Imagine if car manufacturers did this. You put aftermarket brake pads on it, then later take it in f or a dealer service and they update the firmware in the ECU. You go back to pick up your car and they say 'sorry, mate, the new firmware has detected you fitted non genuine brake pads and has disabled your car - you will have to buy a new one.
Yeah, I can see people saying 'Oh... ok. Fair enough.'
Apple are probably going to get sued over this. It is something intentionally built into iOS 9. Deliberately incapacitating an iPhone someone has paid a lot of money for is probably illegal in the EU.
Imagine if car manufacturers did this. You put aftermarket brake pads on it, then later take it in f or a dealer service and they update the firmware in the ECU. You go back to pick up your car and they say 'sorry, mate, the new firmware has detected you fitted non genuine brake pads and has disabled your car - you will have to buy a new one.
Yeah, I can see people saying 'Oh... ok. Fair enough.'
Any morons out there are free to sue if they so desire.
Do you even have an iPhone? You've been anti-Apple for as long as I can remember.
You should just buy an Android phone, as it seems that you would be much happier with such a phone, as the Android mentality is obviously better suited for you.
Good for Apple for taking security seriously, despite the protests of a few confused people who wish for iPhones to be less secure. Apple can't allow any two bit, unauthorized technicians to tamper with the security of their phones! What planet do you live on?
I also find your analogy to be rather lacking. Apple is not going to disable any phones if somebody goes and gets their screen fixed, as that doesn't directly relate to the security of the phone. But if somebody goes ahead and tampers with Touch ID, then you better believe that Apple is 100% in the right for bricking any such phones.
Absolutely the way it should be done. Anyone complaining about it hasn't thought thru the possible even if unlikely consequences of it not working that way.
Ireland doesn't have an Apple store. I'm not sure about authorised repairers who could do the job.
Why isn't there an option for getting Apple to do the authorisation and not having to get a new phone?
because thats what you should have done *before* having someone else crack it open. the reason the warranty is voided after is because they dont know how they may have butchered it. seems pretty obvious.
Absolutely the way it should be done. Anyone complaining about it hasn't thought thru the possible even if unlikely consequences of it not working that way.
As I posted on another forum regarding this issue, intelligent people will understand why Apple did this. It's the rest that will complain. Last thing I want is for some a-hole to get their hands on my phone, replace my Touch ID with a hacked one and take my phone along with Apple Pay on a shopping spree. I'll leave that fun to the complainers.
"This security measure is necessary to protect your device and prevent a fraudulent Touch ID sensor from being used. If a customer encounters Error 53, we encourage them to contact Apple Support."
That's Apple's newly updated statement to Appleinsider. It's quite obvious that Apple takes security and Apple Pay seriously. I am glad that my iPhone and other iOS devices are secure and that I can trust conducting various financial transactions on my devices.
Anybody who disagress with Apple on this topic is obviously a proponent of fraud. Apple devices are not designed for such people, and they should buy other, less secure devices. I have many good suggestions for them, in case they are seeking any advice.
Apple are probably going to get sued over this. It is something intentionally built into iOS 9. Deliberately incapacitating an iPhone someone has paid a lot of money for is probably illegal in the EU.
Imagine if car manufacturers did this. You put aftermarket brake pads on it, then later take it in f or a dealer service and they update the firmware in the ECU. You go back to pick up your car and they say 'sorry, mate, the new firmware has detected you fitted non genuine brake pads and has disabled your car - you will have to buy a new one.
Yeah, I can see people saying 'Oh... ok. Fair enough.'
Do you even have an iPhone? You've been anti-Apple for as long as I can remember.
i doubt it; he seems to be a one-trick-pony bent on trolling the forums with anti-apple sentiment anytime he can work it in. whether hes a paid shill or just doing it out of "passion" i cant say...
At first I thought this might be an overreaction on the part of Apple's security analysts. After all, the Secure Enclave is meant to be a "write-only" store with feature-detection, feature storage, and comparison to candidate prints all built in. All it has to do is store newly authenticated prints and compare stored prints with new candidates, returning a yay or nay back to the CPU via some authenticated channel. What could possibly be wrong with changing the input device (fingerprint scanner)?
A bit more thought though led to this scenario. Nefarious organization builds special fingerprint scanner with all the original functions plus a new one - the ability to store a few candidate prints (say, the last 3). Repair shop installs the device in place of the original. Time passes, phone is then stolen/acquired by this organization (perhaps one whose first initial is N followed by SA). The phone's modified input device can now be triggered to present some recently used fingerprint images directly from the new fingerprint scanner and is quite likely to cause the device to be unlocked.
Apple is probably quite sensitive to the possibility of this type of access right now - there's a lot of pressure on them from governments to allow backdoor device access. If Apple were to allow unauthorized 3rd party input devices they could no longer claim a backdoor is not possible to install (in this case, a hardware backdoor).
In this case, Apple is probably playing the good guy role.
Can’t wait to read about the coming class action lawsuit. You KNOW it’s coming. Except for that little thing called a warranty agreement that says unauthorized third party repairs void the warranty. Read the fine print.
Absolutely the way it should be done. Anyone complaining about it hasn't thought thru the possible even if unlikely consequences of it not working that way.
I think it is clear who hasn't thought through the possibilities here...Apple doesn't need to brick the phone, only disable the touch-id system.
-kpluck
Have Apple repair the button. Apple doesn't promise you happiness for life, but they do promise a certain level of security. These same people would sue Apple after they have the defective home button installed by an unauthorized repair shop when their iTunes account is compromised. You can't have it both ways.
Why not fix the problem by having iOS wipe out the data in the secure enclave/Touch ID, thus ensuring the data is not compromised instead of bricking it? Or at least let the phone work without use of Touch ID (yikes, it'd be like using an iPhone 5). Yes, this would allow non-Apple authorized repairs to actually succeed and possibly deprive Apple of a bit of revenue.
As for the person quoted in the Guardian article that lost all of his/her data: backup your stuff! Data-wise this is no different than losing your iPhone. Apple makes it so easy to backup and restore that there should be no excuses. If you value the information then back it up.
The problem is that doesn't deter thieves. Thieves will get a workable phone to resell or use.
Comments
This is how security is supposed to be. What's the point in security if it's not secure? This is not Android that we're talking about here. I have lots of valuable info on my iPhone.
I have no intentions of messing with my Touch ID or hiring an illegal alien or unauthorized technician to fix my Touch ID, so no worries here.
I agree with everything but the bolded statement. You only void the warranty while it is in warranty. After warranty period is over you are free to do with your phone as you like and you live with the consequence of those activity. Apple can not deny to fix it if you are willing to pay to have it fix outside warranty even if you had work done elsewhere. I hear in car forums all the time people do not want to pay to play, meaning if you going to modify your car and work on it yourself and you screw something up in the process it does not mean the manufactures has to fix your problems free of charge even in warranty.
I think your right in the case, separating the touch ID form the secure element is a security feature and done to protect your information on the phone. They most likely have some sort of fuseable link in the secure element which breaks on the touch ID is separated.
It's not...
Imagine if car manufacturers did this. You put aftermarket brake pads on it, then later take it in f or a dealer service and they update the firmware in the ECU. You go back to pick up your car and they say 'sorry, mate, the new firmware has detected you fitted non genuine brake pads and has disabled your car - you will have to buy a new one.
Yeah, I can see people saying 'Oh... ok. Fair enough.'
Do you even have an iPhone? You've been anti-Apple for as long as I can remember.
You should just buy an Android phone, as it seems that you would be much happier with such a phone, as the Android mentality is obviously better suited for you.
Good for Apple for taking security seriously, despite the protests of a few confused people who wish for iPhones to be less secure. Apple can't allow any two bit, unauthorized technicians to tamper with the security of their phones! What planet do you live on?
I also find your analogy to be rather lacking. Apple is not going to disable any phones if somebody goes and gets their screen fixed, as that doesn't directly relate to the security of the phone. But if somebody goes ahead and tampers with Touch ID, then you better believe that Apple is 100% in the right for bricking any such phones.
As I posted on another forum regarding this issue, intelligent people will understand why Apple did this. It's the rest that will complain. Last thing I want is for some a-hole to get their hands on my phone, replace my Touch ID with a hacked one and take my phone along with Apple Pay on a shopping spree. I'll leave that fun to the complainers.
That's Apple's newly updated statement to Appleinsider. It's quite obvious that Apple takes security and Apple Pay seriously. I am glad that my iPhone and other iOS devices are secure and that I can trust conducting various financial transactions on my devices.
Anybody who disagress with Apple on this topic is obviously a proponent of fraud. Apple devices are not designed for such people, and they should buy other, less secure devices. I have many good suggestions for them, in case they are seeking any advice.
A bit more thought though led to this scenario. Nefarious organization builds special fingerprint scanner with all the original functions plus a new one - the ability to store a few candidate prints (say, the last 3). Repair shop installs the device in place of the original. Time passes, phone is then stolen/acquired by this organization (perhaps one whose first initial is N followed by SA). The phone's modified input device can now be triggered to present some recently used fingerprint images directly from the new fingerprint scanner and is quite likely to cause the device to be unlocked.
Apple is probably quite sensitive to the possibility of this type of access right now - there's a lot of pressure on them from governments to allow backdoor device access. If Apple were to allow unauthorized 3rd party input devices they could no longer claim a backdoor is not possible to install (in this case, a hardware backdoor).
In this case, Apple is probably playing the good guy role.